Merge pull request #80820 from mattmelgard/defer-delete-kubelet-bootstrap

kubeadm: add a defer to kubelet bootstrap token deletion
2025-07-28 22:17:14 +00:00 · 2019-08-05 02:57:48 -07:00 · 2019-08-05 02:57:48 -07:00 · 040ce52a43
commit 040ce52a43
parent c4d00b1c5f f03bbe1b6d
1 changed files with 4 additions and 6 deletions
--- a/cmd/kubeadm/app/cmd/phases/join/kubelet.go
+++ b/cmd/kubeadm/app/cmd/phases/join/kubelet.go
@ -93,13 +93,16 @@ func getKubeletStartJoinData(c workflow.RunData) (*kubeadmapi.JoinConfiguration,
 // runKubeletStartJoinPhase executes the kubelet TLS bootstrap process.
 // This process is executed by the kubelet and completes with the node joining the cluster
 // with a dedicates set of credentials as required by the node authorizer
-func runKubeletStartJoinPhase(c workflow.RunData) error {
+func runKubeletStartJoinPhase(c workflow.RunData) (returnErr error) {
 	cfg, initCfg, tlsBootstrapCfg, err := getKubeletStartJoinData(c)
 	if err != nil {
 		return err
 	}
 	bootstrapKubeConfigFile := kubeadmconstants.GetBootstrapKubeletKubeConfigPath()

+	// Deletes the bootstrapKubeConfigFile, so the credential used for TLS bootstrap is removed from disk
+	defer os.Remove(bootstrapKubeConfigFile)
+
 	// Write the bootstrap kubelet config file or the TLS-Bootstrapped kubelet config file down to disk
 	klog.V(1).Infof("[kubelet-start] writing bootstrap kubelet config file at %s", bootstrapKubeConfigFile)
 	if err := kubeconfigutil.WriteToDisk(bootstrapKubeConfigFile, tlsBootstrapCfg); err != nil {
@ -167,11 +170,6 @@ func runKubeletStartJoinPhase(c workflow.RunData) error {
 		return errors.Wrap(err, "error uploading crisocket")
 	}

-	// Deletes the bootstrapKubeConfigFile, so the credential used for TLS bootstrap are removed from disk
-	if err := os.Remove(bootstrapKubeConfigFile); err != nil {
-		return errors.Wrapf(err, "error deleting %s", bootstrapKubeConfigFile)
-	}
-
 	return nil
 }